Code scanning tools protect customers from open source licensing risks

Solution providers can earn customer trust by using code scanning tools on custom software to protect customers from open source licensing risks and ensure GPL compliance.

Many IT shops that run open source software unwittingly violate licensing requirements, but solution providers can help them avoid that issue with code scanning tools.

For solution providers, it is important to create awareness about the risks, and guide customers through their options for taking care of them, said Ankur Mehrotra, managing director of Meteonic Innovation, a software consultancy in Bangalore, India.

"I think sooner or later people will realize the value of these tools and they will become part of the software lifecycle," Mehrotra said. "The problem is that people are not aware that these problems are there or that there is a risk."


Open source licensing code scanner tools identify the open source components in a code base and the projects they come from, and tell the company what it must do to comply with each component's license.

An array of open source licensing compliance tools exists from companies such as Hewlett-Packard Co., Black Duck Software Inc., Koders, Palamida Inc. and Protecode Inc. These tools vary in capability and functionality and range in footprint size.

Solution providers who use open source software code, or work with companies that use open source software, can use these tools to add compliance services to their line card.

"Anywhere programs are developed, companies need to have something like this to check the code," Mehrotra said.

Open source licensing violations common

Code content management and open source software license analysis is in demand in technology communities outside North America, especially in India, Japan and Korea, driven partly by the fact that a significant portion of the software developed there is exported (directly or embedded in devices) to North American and European markets, according to Protecode.

The market for software development in India is particularly huge and the need for open source licensing compliance tools is equally large, Mehrotra said.

"People want to make sure that they're using open source properly," Mehrotra said. "They don't want to not be compliant with the open source requirements."

In India, Mehrotra explained, there are many lawsuits that involve open source licensing violations. Indian developers are big users of open source code, because the quality is good and they don't want to reinvent the wheel, he added.

But often the enhancements the developers make are not shared back with the open source community, resulting in a license violation. The companies that hire these software developers and use the software are then on the hook for the violations, often not knowing there is anything wrong, Mehrotra said.

This week Protecode announced a seven-day trial of its cloud-based code scanning tool, which provides open source licensing compliance information.

Meteonic Innovation resells the Protecode product and has found success with customer proofs of concept.

Let us know what you think about the story; email Leah Rosin, Site Editor, or follow us on Twitter.
